Since FreeNAS had its face lift, I've decided to move all my shares onto the ACLs as I share via SMB to windows computers.
I have one problem, and would like a sanity check on the rest please.
I have two users, Alice & Bob, a Family Group (of which both Alice and Bob are members), and a Syncer group (which I use on a Ubuntu VM).
Alice has her own data set - data set permissions are Alice:Alice with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
Bob has his own data set - data set permissions are Bob:Bob with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
We have a media data set - data set permissions are nobody:Family with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
So far so good. On our windows computers, I can see Bob and Media, and Alice can see Alice and Media.
On the Ubunutu VM, it can see Bob, Alice and Media and it utilises Syncthing to sync with offsite locations.
However if one of those offsite locations modifies a file, for example in the media share. Alice and bob can't see the file from the windows computer. On the VM, it is there, and when I ls -l from the shell it is there.
For example
A file that is viewable from Bob and Alices windows computers, and the VM.
But here is an example of a file that has been modified via syncthing. It is browser able on the VM, but the folder is empty on the windows machines. And I can not understand why, the permissions are exactly the same.
Any ideas where I have gone wrong?
Is this the 'best' way to have ACLs set up?
Cheers
I have one problem, and would like a sanity check on the rest please.
I have two users, Alice & Bob, a Family Group (of which both Alice and Bob are members), and a Syncer group (which I use on a Ubuntu VM).
Alice has her own data set - data set permissions are Alice:Alice with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
Bob has his own data set - data set permissions are Bob:Bob with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
We have a media data set - data set permissions are nobody:Family with the ACL rules being:
group@ Allow, Basic, Full Control, Basic, Inherit.
group Syncer Allow, Basic, Full Control, Basic, Inherit.
So far so good. On our windows computers, I can see Bob and Media, and Alice can see Alice and Media.
On the Ubunutu VM, it can see Bob, Alice and Media and it utilises Syncthing to sync with offsite locations.
However if one of those offsite locations modifies a file, for example in the media share. Alice and bob can't see the file from the windows computer. On the VM, it is there, and when I ls -l from the shell it is there.
For example
A file that is viewable from Bob and Alices windows computers, and the VM.
Code:
SSH@freenas:~ % sudo ls -l /mnt/Tank/Media/Movies/Aladdin\ \(2019\) total 20628748 ----rwx---+ 1 nobody Family 10563359688 Jan 16 13:14 Aladdin (2019) - [BLURAY-1080P][DTS 5.1][X264].mkv
But here is an example of a file that has been modified via syncthing. It is browser able on the VM, but the folder is empty on the windows machines. And I can not understand why, the permissions are exactly the same.
Code:
SSH@freenas:~ % sudo ls -l /mnt/Tank/Media/Movies/Alien\ \(1979\) total 3978656 ----rwx---+ 1 nobody Family 2038312572 Jan 4 03:19 Alien (1979) - [BLURAY-1080P][AAC 5.1][X264].mp4
Any ideas where I have gone wrong?
Is this the 'best' way to have ACLs set up?
Cheers